openSUSE-SU-2021:3634-1

Опубликовано: 09 нояб. 2021

Источник: suse-cvrf

Описание

Security update for rubygem-activerecord-5_1

This update for rubygem-activerecord-5_1 fixes the following issues:

CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type (bsc#1182169).

Список пакетов

openSUSE Leap 15.3

ruby2.5-rubygem-activerecord-5_1-5.1.4-5.3.3

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DSBBYVVTCKLFKYMF7OEIC2G2QUWN6ERM/
E-Mail link for openSUSE-SU-2021:3634-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1182169
SUSE Bug 1182169
https://www.suse.com/security/cve/CVE-2021-22880/
SUSE CVE CVE-2021-22880 page

Описание

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

Затронутые продукты

openSUSE Leap 15.3:ruby2.5-rubygem-activerecord-5_1-5.1.4-5.3.3

Ссылки

https://www.suse.com/security/cve/CVE-2021-22880.html
CVE-2021-22880
https://bugzilla.suse.com/1182169
SUSE Bug 1182169
https://bugzilla.suse.com/1188335
SUSE Bug 1188335

openSUSE-SU-2021:3634-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-22880

Описание

Затронутые продукты

Ссылки